
9091 matches found

CVE
added 2009/09/10 9:0 p.m. | 105 views

CVE-2009-3076

CVE-2009-3076 is a vulnerability in Mozilla Firefox prior to 3.0.14, where dialogs for PKCS#11 module addition/removal are not informative. This could allow remote attackers to trick users into installing/removing an arbitrary PKCS#11 module. The connected MiracleLinux advisory confirms Firefox 3...

CVSS 9.3 | AI score 6 | EPSS 0.17599
Exploits 4 | References 20 | Affected Software 1

CVE
added 2009/09/08 6:0 p.m. | 71 views

CVE-2009-2346

CVE-2009-2346 affects the IAX2 protocol implementation in Asterisk (multiple releases across 1.2.x/1.4.x/1.6.x lines and Business/C.x branches; s800i) and allows a remote attacker to exhaust the call-number space by issuing a high volume of IAX2 messages, causing a denial of service. Connected ad...

CVSS 7.8 | AI score 6.4 | EPSS 0.00791
Exploits 0 | References 5 | Affected Software 5

NVD
added 2009/08/27 5:30 p.m. | 24 views

CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket...

CVSS 7.8 | AI score 7.2 | EPSS 0.26117
Exploits 18 | References 26

UbuntuCve
added 2009/08/27 5:30 p.m. | 38 views

CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket...

CVSS 7.8 | AI score 6.7 | EPSS 0.26117
Exploits 18 | References 2

Prion
added 2009/08/27 5:30 p.m. | 26 views

Null pointer dereference

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket...

CVSS 7.2 | AI score 6.5 | EPSS 0.26117
Exploits 18 | References 26 | Affected Software 12

Cvelist
added 2009/08/27 5:0 p.m. | 27 views

CVE-2009-2698

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket...

AI score 7.2 | EPSS 0.26117
Exploits 18 | References 26

RedHat Linux
added 2009/08/24 8:28 a.m. | 3 views

kernel: udp socket NULL ptr dereference

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket...

CVSS 7.8 | AI score 6.7 | EPSS 0.26117
Exploits 18 | References 4

OpenVAS
added 2009/08/20 12:0 a.m. | 27 views

Sun Java JDK/JRE JPEG Images Integer Overflow Vulnerability (Aug 2009)

Sun Java JDK/JRE is prone to an integer overflow vulnerability...

CVSS 10 | AI score 6.6 | EPSS 0.04366
Exploits 0 | References 10

Tenable Nessus
added 2009/08/18 12:0 a.m. | 262 views

RHEL 4 : kernel (RHSA-2009:1211)

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 7.8 | AI score 6.1 | EPSS 0.07833
Exploits 3 | References 7

OpenVAS
added 2009/08/17 12:0 a.m. | 29 views

Debian Security Advisory DSA 1849-1 (xml-security-c)

The remote host is missing an update to xml-security-c announced via advisory DSA 1849-1...

CVSS 5 | AI score 0.3 | EPSS 0.0222
Exploits 0

RedHat Linux
added 2009/08/13 3:30 p.m. | 63 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...

CVSS 7.8 | AI score 6.3 | EPSS 0.07833
Exploits 3 | References 10

Tenable Nessus
added 2009/08/12 12:0 a.m. | 36 views

FreeBSD : fetchmail -- improper SSL certificate subject verification (5179d85c-8683-11de-91b9-0022157515b2)

Matthias Andree reports: Moxie Marlinspike demonstrated in July 2009 that some CAs would sign certificates that contain embedded NUL characters in the Common Name or subjectAltName fields of ITU-T X.509 certificates. Applications that would treat such X.509 strings as NUL-terminated C strings...

CVSS 6.4 | AI score 8 | EPSS 0.00665
Exploits 1 | References 3

Prion
added 2009/08/10 8:30 p.m. | 18 views

Design/Logic Flaw

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors...

CVSS 5 | AI score 6.4 | EPSS 0.00643
Exploits 0 | References 7 | Affected Software 1

NVD
added 2009/08/10 8:30 p.m. | 17 views

CVE-2009-2718

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

CVSS 6.8 | AI score 7.2 | EPSS 0.00527
Exploits 0 | References 7

UbuntuCve
added 2009/08/10 8:30 p.m. | 25 views

CVE-2009-2718

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

CVSS 6.8 | AI score 6.3 | EPSS 0.00527
Exploits 0 | References 2

UbuntuCve
added 2009/08/10 8:30 p.m. | 23 views

CVE-2009-2717

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet...

CVSS 6.8 | AI score 5.9 | EPSS 0.00327
Exploits 0 | References 2

Prion
added 2009/08/10 6:30 p.m. | 21 views

Design/Logic Flaw

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

CVSS 10 | AI score 6.5 | EPSS 0.0172
Exploits 0 | References 17 | Affected Software 1

RedHat Linux
added 2009/08/06 9:14 p.m. | 56 views

Important: Red Hat Security Advisory: java-1.6.0-openjdk security and bug fix update

Updated java-1.6.0-openjdk packages that fix several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and...

CVSS 10 | AI score 6.8 | EPSS 0.17519
Exploits 3 | References 14

Debian
added 2009/08/06 8:37 a.m. | 31 views

[Backports-security-announce] Security Update for xml-security-c

Russ Allbery uploaded new packages for xml-security-c which fixed the following security problems: CVE-2009-0217 (CERT VU#466161): It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed...

CVSS 5 | AI score 7.1 | EPSS 0.0222
Exploits 0

myhack58
added 2009/08/06 12:0 a.m. | 15 views

linux rally SHELL a-vulnerability warning-the black bar safety net

!/ usr/bin/perl-w use strict; use Socket; use I:Handle; if$ARGV+1 != 2 print "$ARGV $0 RemoteIP RemotePort \n"; exit 1; my $remoteip = $ARGV0; my $remoteport = $ARGV1; my $proto = getprotobyname"tcp"; my $packaddr = sockaddrin$remoteport, cannot be stored correctly$remoteip; my $shell =...

AI score 0.7
Exploits 0